Hackers Demonstrate Their Skills in Vegas

Even the ATM machines were suspect at this year's Defcon conference, where hackers play intrusion games at the bleeding edge of computer security.

With some of the world's best digital break-in artists pecking away at their laptops, sending e-mails or answering cell phones could also be risky.

Defcon is a no-man's land where customary adversaries - feds vs. digital mavericks - are supposed to share ideas about making the Internet a safer place. But it's really a showcase for flexing hacker muscle.

This year's hot topics included a demonstration of just how easy it may be to attack supposedly foolproof biometric safeguards, which determine a person's identity by scanning such things as thumb prints, irises and voice patterns.

Banks, supermarkets and even some airports have begun to rely on such systems, but a security analyst who goes by the name Zamboni challenged hackers to bypass biometrics by attacking their backend systems networks. "Attack it like you would Microsoft or Linux he advised.

Radio frequency identification tags that send wireless signals and that are used to track a growing list of items including retail merchandise, animals and U.S. military shipments_ also came under scrutiny.

A group of twentysomethings from Southern California climbed onto the hotel roof to show that RFID tags could be read from as far as 69 feet. That's important because the tags have been proposed for such things as U.S. passports, and critics have raised fears that kidnappers could use RFID readers to pick traveling U.S. citizens out of a crowd.

RFID companies had said the signals didn't reach more than 20 feet, said John Hering, one of the founders of Flexilis, the company that conducted the experiment.

"Our goal is to raise awareness," said Hering, 22. "Our hope is to spawn other research so that people will move to secure this technology before it becomes a problem."

Erik Michielsen, an analyst at ABI Research, chuckled when he heard the Flexilis claims. "These are great questions that need to be raised," he said, but RFID technology varies with the application, many of which are encrypted. Encryption technology uses an algorithm to scramble data to make it unreadable to everyone except the recipient.

Also on hand at the conference was Robert Morris Sr., former chief scientist for the National Security Agency, to lecture on the vulnerabilities of bank ATMs, which he predicted would become the next "pot of gold" for hackers.

The Internet has become "crime ridden slums," said Phil Zimmermann, a well-known cryptographer who spoke at the conference. Hackers and the computer security experts who make a living on tripping up systems say security would be better if people were less lazy.

To make their point, they pilfered Internet passwords from convention attendees.

Anyone naive enough to access the Internet through the hotel's unsecured wireless system could see their name and part of their passwords scrolling across a huge public screen.

It was dubbed the "The Wall of Sheep."

Among the exposed sheep were an engineer from Cisco Systems Inc., multiple employees from Apple Computer Inc. and a Harvard professor.

An annual highlight of the conference is the "Meet the Feds" panel, which this year included representatives from the FBI, NSA, and the Treasury and Defense departments. Morris and other panel members said they would love to hire the "best and brightest" hackers but cautioned that the offer wouldn't be extended to lawbreakers.

During the session, Agent Jim Christy of the Defense Department's Cyber Crime Center asked the audience to stand.

"If you've never broken the law, sit down," he said. Many sat down immediately - but a large number appeared to hesitate before everyone eventually took their seats.

OK, now we can turn off the cameras, Christy joked.

Some federal agents were indeed taking careful notes, though, when researcher Michael Lynn set the tone for the conference by publicizing earlier in the week a vulnerability in Cisco routers that he said could allow hackers to virtually shut down the Internet.

Lynn and other researchers at Internet Security Systems had discovered a way of exploiting a Cisco software vulnerability in order to seize control of a router. That flaw was patched in April, but Lynn showed that Cisco hadn't quite finished the repair job - that the same technique could be used to exploit other vulnerabilities in Cisco routers.

Cisco and ISS went to court to try to stop Lynn from going public, but Lynn quit ISS and spoke anyway. In the wake of his decision, Lynn has become the subject of an FBI probe, said his attorney Jennifer Granick.

Many at the conference praised Lynn.

"We're never going to secure the Net if we don't air and criticize vulnerabilities," said David Cowan, a managing partner at venture capital firm Bessemer Venture Partners.

And the vulnerabilities are plenty.

During his session on ATM machines, Morris said thieves have been able to dupe people out of their bank cards and passwords by changing the software in old ATM machines bought off eBay for as little as $1,000 and placing the machines out in public venues.

A few moments ago, renowned Linux kernel maintainer Greg Kroah-Hartman had the pleasure of announcing the general availability of the Linux kernel 4.8.13 and Linux kernel 4.4.37 LTS maintenance updates.
While many rolling GNU/Linux distributions have just received the Linux 4.8.12 kernel, it looks like Linux kernel 4.8.13 is now available with more improvements and bug fixes, but it's not a major milestone. According to the appended shortlog and the diff since last week's Linux 4.8.12 kernel release, a total of 46 files were changed, with 214 insertions and 95 deletions.

openSUSE's Douglas DeMaio reports on the latest Open Source and GNU/Linux technologies that landed in the repositories of the openSUSE Tumbleweed rolling operating system.

What Is A VPN Connection? Why To Use VPN?

We all have heard about VPN sometime. Most of us normal users of internet use it. To bypass the region based restrictions of services like Netflix or Youtube ( Yes, youtube has geo- restrictions too). In fact, VPN is actually mostly used for this purpose only. ​

The Libreboot C201 from Minifree is really really really ridiculously open source

Open source laptops – ones not running any commercial software whatsoever – have been the holy grail for free software fans for years. Now, with the introduction of libreboot, a truly open source boot firmware, the dream is close to fruition.
The $730 laptop is a bog standard piece of hardware but it contains only open source software. The OS, Debian, is completely open source and to avoid closed software the company has added an Atheros Wi-Fi dongle with open source drivers rather than use the built-in Wi-Fi chip.

Latest News

Games for GNU/Linux

Feral Interactive was proud to inform the media about the upcoming Christmas release of the immense DLC pack for the Total War: WARHAMMER turn-based strategy and real-time tactics video game to SteamOS and Linux.
Last month, on November 22, the UK-based video game publisher Feral Interactive brought us the Linux/SteamOS port of the astonishing and addictive Total War: WARHAMMER game developed by Creative Assembly and published by Sega. And now, they promise to port the Total War: WARHAMMER Realm of The Wood Elves DLC too.

Containers News

Victor Vieux from the open source Docker app container engine released new development versions of the upcoming Docker 1.13.0 major milestone and Docker 1.12.4 maintenance update for the current stable series.
The third Release Candidate (RC) version of Docker 1.13.0 arrived a couple of days ago with numerous minor tweaks and fixes to polish the software before it's tagged as ready for production and hits the streets, which should happen in the coming weeks. Docker 1.13.0 RC3 comes two after the release of the second RC build.

The conventional wisdom of Linux containers is that each service should run in its own container. Containers should be stateless and have short lifecycles. You should build a container once, and replace it when you need to update its contents rather than updating it interactively. Most importantly, your containers should be disposable and pets are decidedly not disposable. Thus the conventional wisdom is if your containers are pets, you’re doing it wrong. I’m here to gently disagree with that, and say that you should feel free to put your pets in containers if it works for you.

AMDGPU News

This morning's AMDGPU-PRO 16.50 preview included some 16.40 vs. 16.50 hybrid driver benchmarks, but for those wondering how 16.50 compares to Mesa 13.1-dev for RadeonSI OpenGL and RADV Vulkan, here are some preliminary tests for the two current Vulkan AAA Linux games.

AMD ran into a snag getting out the updated proprietary hybrid Linux driver stack this morning, but it's now available for download from AMD.
This page has the 16.50 Linux x86/x86_64 driver available for download.

While AMD developers have been working to improve their "DAL" (now known as "DC") display code for the better part of the past year and this code is needed for new hardware support as well as supporting HDMI/DP audio on existing AMDGPU-enabled hardware plus other features, it's still not going to be accepted to the mainline kernel in its current form.